摘要： 虚拟机在虚拟化环境下代替本地终端直接与应用服务器交互，但在使用本地密码设备时虚拟硬件不支持密码设备的接口。针对上述问题，提出将虚拟密码设备系统(VCDS)作为中间方连接本地终端的真实密码设备和虚拟终端应用层的方案。给出VCDS各核心模块的设计和实现，对系统进行安全性分析，证明其有助于保证虚拟终端透明地使用本地真实密码设备，提供良好的加密认证等安全服务。

关键词: 虚拟桌面, 密码设备, 安全服务, 本地终端, 虚拟终端

Abstract: Virtual machine, instead of the local terminal, communicates with application server in virtual environment. However, the virtual hardware may not support the interface of the cryptographic device when virtual machine uses the local cryptographic device. This paper proposes to develop Virtual Cryptographic Device System(VCDS) as the intermediate party, which combines the real cryptographic device plugged into the local terminal and the application layer of virtual terminal. It describes the designs of the core modules, as well as the implementations of VCDS, and analyzes its security. This system helps to ensure the transparency when virtual terminal using local real cryptographic device, and provides a good service of encryption, authentication and so on.

Key words: virtual desktop, cryptographic device, security service, local terminal, virtual terminal

中图分类号: 

• TP309